CWE-416
AllowedUse After Free
Abstraction: Variant · Status: Stable
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
9811 vulnerabilities reference this CWE, most recent first.
GHSA-X2V5-P27F-53WP
Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-05-24 17:13In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
{
"affected": [],
"aliases": [
"CVE-2020-11656"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-09T03:15:00Z",
"severity": "HIGH"
},
"details": "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.",
"id": "GHSA-x2v5-p27f-53wp",
"modified": "2022-05-24T17:13:57Z",
"published": "2022-05-24T17:13:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11656"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-26"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200416-0001"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"type": "WEB",
"url": "https://www.sqlite.org/src/info/d09f8c3621d5f7f8"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"type": "WEB",
"url": "https://www3.sqlite.org/cgi/src/info/b64674919f673602"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X2X6-CRWM-2F29
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.
{
"affected": [],
"aliases": [
"CVE-2011-3074"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-04-05T22:02:00Z",
"severity": "MODERATE"
},
"details": "Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.",
"id": "GHSA-x2x6-crwm-2f29",
"modified": "2022-05-13T01:27:23Z",
"published": "2022-05-13T01:27:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3074"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74634"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15513"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=119281"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48732"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48749"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201204-03.xml"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5400"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5485"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5503"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/52913"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1026892"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X32X-WV35-MQP3
Vulnerability from github – Published: 2022-05-17 03:04 – Updated: 2022-05-17 03:04Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2017-2955"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-11T04:59:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-x32x-wv35-mqp3",
"modified": "2022-05-17T03:04:02Z",
"published": "2022-05-17T03:04:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2955"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95343"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037574"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X347-9XFM-4XHH
Vulnerability from github – Published: 2025-09-10 18:30 – Updated: 2025-09-10 18:30An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A use-after-free vulnerability in the write_interleaved method allows an attacker to cause a denial of service or memory corruption. The method violates Rust's aliasing rules by modifying a data structure through a mutable pointer while only holding an immutable reference, which can lead to undefined behavior when the data is accessed later.
{
"affected": [],
"aliases": [
"CVE-2025-57616"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-02T16:15:40Z",
"severity": "HIGH"
},
"details": "An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A use-after-free vulnerability in the write_interleaved method allows an attacker to cause a denial of service or memory corruption. The method violates Rust\u0027s aliasing rules by modifying a data structure through a mutable pointer while only holding an immutable reference, which can lead to undefined behavior when the data is accessed later.",
"id": "GHSA-x347-9xfm-4xhh",
"modified": "2025-09-10T18:30:13Z",
"published": "2025-09-10T18:30:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57616"
},
{
"type": "WEB",
"url": "https://github.com/meh/rust-ffmpeg/issues/192"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X34Q-HHHP-2HP9
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2022-05-24 16:59Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
{
"affected": [],
"aliases": [
"CVE-2019-8213"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-17T21:15:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .",
"id": "GHSA-x34q-hhhp-2hp9",
"modified": "2022-05-24T16:59:24Z",
"published": "2022-05-24T16:59:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8213"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-49.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X35G-9JV4-FF77
Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2025-11-25 18:32Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
{
"affected": [],
"aliases": [
"CVE-2016-9898"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-11T21:29:00Z",
"severity": "CRITICAL"
},
"details": "Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.",
"id": "GHSA-x35g-9jv4-ff77",
"modified": "2025-11-25T18:32:05Z",
"published": "2022-05-14T03:10:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9898"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1314442"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-3757"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-94"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-95"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-96"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2946.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94885"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037461"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X35P-Q7VP-559R
Vulnerability from github – Published: 2022-05-02 06:09 – Updated: 2024-02-03 03:30Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
{
"affected": [],
"aliases": [
"CVE-2010-0050"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-03-15T14:15:00Z",
"severity": "HIGH"
},
"details": "Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.",
"id": "GHSA-x35p-q7vp-559r",
"modified": "2024-02-03T03:30:26Z",
"published": "2022-05-02T06:09:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0050"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56836"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7587"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/41856"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/43068"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4070"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4225"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/38671"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1023708"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0552"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X36G-M9V8-74V5
Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14015.
{
"affected": [],
"aliases": [
"CVE-2021-34835"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-04T16:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14015.",
"id": "GHSA-x36g-m9v8-74v5",
"modified": "2022-05-24T19:09:58Z",
"published": "2022-05-24T19:09:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34835"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-917"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X39C-XJVF-WFG8
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-06 06:30Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-11116"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T23:17:17Z",
"severity": "HIGH"
},
"details": "Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Medium)",
"id": "GHSA-x39c-xjvf-wfg8",
"modified": "2026-06-06T06:30:28Z",
"published": "2026-06-05T00:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11116"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/501376612"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X3C4-52MM-7PP9
Vulnerability from github – Published: 2024-11-12 18:30 – Updated: 2024-11-12 18:30Windows SMB Denial of Service Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-43642"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T18:15:33Z",
"severity": "HIGH"
},
"details": "Windows SMB Denial of Service Vulnerability",
"id": "GHSA-x3c4-52mm-7pp9",
"modified": "2024-11-12T18:30:59Z",
"published": "2024-11-12T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43642"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43642"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Language Selection
Choose a language that provides automatic memory management.
Mitigation
Strategy: Attack Surface Reduction
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.
No CAPEC attack patterns related to this CWE.